Network management security - Switches and SVIs

Hello all.
I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example. How can I remove telnet or SSH access from the other SVIs?
I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.
I imagine an access list just blocking the ports? What would you suggest?
Thanks in advance.

Hi,
If you have decided on the source IP from which telnet or SSH is allowed, you can use the access-class configuration with an ACL applied on the vty lines, which will only permit that particular host to telnet or SSH into the device.
Following is the example for access-class; hope it helps!!
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
access-class 12 in
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
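An added worked configuration, not from the original thread, that puts the access-class answer above together with the per-SVI access list the question proposes. The addressing is assumed: management SVI Vlan99 at 10.99.0.1/24, the IT admin VLAN 10.20.0.0/24 as the only permitted management source, and a user SVI Vlan30 at 10.30.0.1/24 standing in for the "other" SVIs.

```ios
! Added example, not from the original thread. Constructed addressing:
!   Vlan99 = management SVI 10.99.0.1/24
!   Vlan20 = IT admin VLAN 10.20.0.0/24 (the only allowed management source)
!   Vlan30 = user SVI 10.30.0.1/24 (one of the "other" SVIs)
! Assumes local or AAA authentication for SSH is already configured.

! 1. vty lines: SSHv2 only, no telnet, plus a source-based access-class.
!    The access-class matches on the source address, so it guards every
!    SVI address at once, not only the management SVI.
ip access-list standard MGMT-ACCESS
 permit 10.20.0.0 0.0.0.255
 deny   any log
!
ip ssh version 2
line vty 0 15
 transport input ssh
 access-class MGMT-ACCESS in
 exec-timeout 10 0

! 2. Per-SVI layer: an inbound ACL on each non-management SVI that drops
!    SSH/telnet aimed at the switch's own SVI addresses while still routing
!    ordinary user traffic. Logged denies give a detection signal if a host
!    in the user VLAN starts probing the switch.
ip access-list extended VLAN30-IN
 remark drop management-plane access to SVI addresses from the user VLAN
 deny   tcp any host 10.30.0.1 eq 22 log
 deny   tcp any host 10.30.0.1 eq 23 log
 deny   tcp any host 10.99.0.1 eq 22 log
 deny   tcp any host 10.99.0.1 eq 23 log
 permit ip any any
!
interface Vlan30
 ip address 10.30.0.1 255.255.255.0
 ip access-group VLAN30-IN in

! 3. Verification: confirm both ACLs are bound and watch the deny counters.
show running-config | section line vty
show ip interface Vlan30 | include access list
show ip access-lists MGMT-ACCESS
show ip access-lists VLAN30-IN
```

The vty access-class is what actually governs the session; the SVI ACL adds a per-VLAN deny with logging so that attempts from the user VLAN show up in the counters before they ever reach the line. Repeat step 2 for each remaining non-management SVI, listing every SVI address the switch owns.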

Similar Messages

  • J2EE Container Managed Security doc and inquiry about what to do if I tweak

    hello:
    If the application_roles is taken out of the database schema, would the example still work with minimal changes? There is a possibility our organization may have a separate department handling username and password while our app and our separate database will handle roles. Is there something I need to be aware of or is it just a matter of looking up the role in a separate table after authentication? Based on roles, users will have different authorities. Is there something built into Oracle JDev?
    Thanks

    Hi,
    You can do anything you want with custom LoginModules. If the provided database login module in OC4J is not sufficient then you can also build your own login module (or use one of the three I built and published 2 years ago). So the answer is that it is not relevant where the role definition comes from as long as it is associated with the user upon authentication.
    Frank

  • [SOLVED]Network Manager Applet and nmcli failing after GCC upgrade

    Hi All,
    So I went to update my system today and there were only like 8 or 9 updates. Like many other people I had an issue with gcc and pacman. To fix this I ran
    pacman -S gcc
    Then I ran:
    pacman -Su
    which updated pacman itself. On reboot though I noticed network manager applet was unable to find any of my network devices despite the fact that network manager was running and I had an IP address. I killed nm-applet and re-ran it and it spewed errors about not being able to connect to network manager. I tried running nmcli and it did the same thing. However, when I run nmcli as root it works. Looking at the arch wiki they suggest you be a part of the wheel and network group which I made sure I was. Everything was working up until I ran those two updates though. Anyone else have this happen or have any idea what is wrong?
    Thanks,
    Hemmar
    EDIT: Never mind - a patch was released for consolekit which fixes the problem.
    Last edited by hemmar (2012-04-13 00:36:49)

    Hi guz46
    I have already tried removing the ! and the same thing happened ... but I realised today that I was being automatically connected to "Auto eth0" despite there being no cable present. When automatic connection was disabled on "Auto eth0" my 3G connection (ppp0) connected fine.
    Could you clarify that the preferred set-up in the /etc/rc.conf for the interfaces is without the !. The Wiki for networkmanager says to disable them, but then states that some may need to be reenabled with no explanation. The purpose of this confuses me!
    Thanks for your help anyways,
    Scott
    EDIT:
    I appear to have fixed my problem with the auto connection on the various interfaces by updating my /etc/rc.conf file to:
    #Static IP example
    #eth0="dhcp"
    ppp0="dhcp"
    wlan0="dhcp"
    eth0="dhcp"
    INTERFACES=(ppp0 wlan0 eth0)
    Thus ensuring that I can connect in order of preference.
    Last edited by ScottArch (2009-11-03 18:48:47)

  • [SOLVED] Network Manager & Arch Way

    Hi All
    I am a noob Arch user. I installed Arch with Gnome 3 recently. I used to manually connect to WiFi for the first few days (just for fun) and then I decided to go with the netcfg+newlan way. I found it to be really slow. I then decided to take the information on Arch Wiki (that says network manager is faster) and installed network manager + nm-applet. I had no issues with WiFi configuration. Everything works for me. But I don't know what network manager is doing. I can know that if I want to. But why use a tool that hides things from me. Philosophically speaking, isn't network manager against the true Arch way? What do experienced Arch users think of this?
    V
    Last edited by skmarch (2011-06-23 04:54:47)

    I did install it and it has been "bothering" me that I don't know what's behind this GUI. I simply clicked a few buttons and the network connected. That's awesome. But I left ubuntu for the same reason: I don't know what's going on. I don't want to be dumbed down. On the other hand, I really did not like the netcfg way. It is slow. And since this is my laptop which I sometimes take to school, I want the ability to connect to different networks (with different security types, especially WPA). So netcfg with net-profiles seems like a good option (or network manager). There was no comment on the wiki about the speed of Wicd: https://wiki.archlinux.org/index.php/Wi … nt_methods
    According to https://bbs.archlinux.org/viewtopic.php?id=117754 Wicd is better. But once again no comment on the speed. I want internet as soon as the laptop boots. Network manager does that. But to me, as a purist, it's not in the Arch way. I want something with more control and more configurability.
    So once again: Is Wicd faster than network manager?
    Last edited by skmarch (2011-06-22 22:44:01)

  • Network Manager Can't Connect Wirelessly

    Hi everyone,
    I'm trying to migrate from Connman to Network Manager for my network needs (as well as from e17 to xmonad) and I'm seeing some strange behavior. I can get the network manager applet running, but it won't connect to any wireless networks. I see a bunch of networks floating around in the connections list, but if I click on one, nothing happens. Furthermore, if I try to connect by command line, I get the following weirdness
    Input:
    nmcli con up uuid f767eb89-ccbc-4dbe-bf12-af216ab8f9ff ap A0:21:B7:72:A3:CE
    (the uuid is for my wlan0 interface and the ap is the BSSID of my network).
    Output:
    Active connection state: activating
    Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/0
    ** (process:2012): WARNING **: _nm_object_get_property: Error getting 'State' for /org/freedesktop/NetworkManager/ActiveConnection/0: (19) Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist
    state: unknown
    Error: Connection activation failed.
    I'm fairly sure that I have my policy kit working correctly. I have dbus and network manager as daemons and I logged in to an xmonad session using GDM, which should do my policy management for me, right?
    I think it's the wrong error message for a policy kit error anyways.
    Any ideas?
    Thanks in advance!
    Last edited by Yurlungur (2012-04-16 04:29:32)

    I switched to wicd, so this isn't an issue anymore, I guess... still not sure what was going wrong, though.

  • Network management tool Cisco

    Hi,
    I've been looking for Cisco software to manage an entire network. Let's say I have a network with 200 switches and I want to do a mass firmware upgrade on all switches; is there a Cisco product which can do this? I've been looking at Cisco Prime but I can't find if Prime is capable of doing this.
    thanks in advance.
    Kind regards,
    Bart

    Hello Barry,
    Please provide additional information on the Prime Infrastructure without providing your Cisco e-mail address.
    One of our goals on the Cisco Support Community is to share information so that everyone in the discussion forums benefits.
    Your e-mail address has been removed from this discussion.
    Thank you for your understanding!
    Litsa
    Cisco Support Community

  • Package needed for network manager install

    Trying to configure and install the latest network manager from source and I get an error:
    configure: error: couldn't find pppd.h. pppd development headers are required.
    The network manager help page:
    http://live.gnome.org/JhbuildIssues/Net … 8ee2cd8383
    states if this error occurs then install the 'ppp-dev' package in Debian.
    Anyone know what package I should install on Arch Linux?

    Distro-jumper wrote:
    JGC wrote:Why would you compile it from source if there's a package in testing?
    I'm using the ppc port of arch linux, and unfortunately network manager hasn't been included in testing yet. Though I did flag the packages as out of date a couple of days ago. Hopefully, it will be updated soon because compiling the latest network manager didn't work.
    If things in ArchlinuxPPC aren't working, you can simply assign to us a bug, that you can insert in Bugs section from www.archlinuxppc.org page.

  • Branch office setup with L3 switch and router with IOS security

    Hello,
    I am in the process of putting together a small branch office network and I am in need of some design advice. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
    I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead of doing router-on-a-stick.
    Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
    I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
    If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
    Any input would be appreciated.
    Thanks,
    Austin

    Thanks for the input.
    1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
    2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
    3. The reason a router was purchased over a firewall was that ASAs cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing upwards of 200 IPSec connections.
    Your point about moving the SVIs to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.

  • Logical Switch and Logical Network

    Hello All... I have Hyper-V Failover Cluster based on 5 Hosts and I am managing it with VMM 2012 R2. I was slightly confused with respect to Logical Network and Logical Switch in the Fabric Settings. I would appreciate if someone could shed a little light on the difference between them. Also, while there is a Logical Network defined by default (Name of the Virtual Switch of Hosts), there is nothing defined in the Logical Switch. Which one is mandatory? Logical Network or Logical Switch? Can I delete the default Logical Network?

    Hi Nick,
    Please find below link for the whitepaper mentioned by Kristian.
    https://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a
    For a complete reference please refer below series. This covers VMM 2012 SP1 but should be fine with R2 as well.
    http://blogs.technet.com/b/scvmm/archive/2013/01/08/virtual-networking-in-vmm-2012-sp1.aspx
    Logical Network is defined for easier management and used in Network Virtualization, whereas Logical Switch is used to configure networking in multiple Hosts rather than creating individual Virtual switches in each host. If it were me I'd leave the default logical network as there is no harm in doing nothing with it.
    I hope this will shed some light into your situation.
    Thanks,
    Janaka
    Janaka Rangama MCT MIEEE MBCS (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable.)

  • How to get "fast user switching" and network shares playing nice

    I've been alternating between banging my head against a wall and reading every forum I could find to try and get a reasonable compromise between using "Fast user switching" and sharing a folder from a file server.  It baffles me how the network share/mount model of OSX/AFP is completely killed by fast-user-switching; this is a big problem with Apple requiring users to be actively logged in to share music/video from iTunes which therefore essentially requires fast-user-switching if anyone else wants to use the computer.  (anyone find it odd that you can share files without being logged in, but sharing songs requires an active login for each user who is sharing?  Apple: time to make iTunes sharing a service!)
    For the sake of example, let's just say I want to share my /Groups folder from my desktop and have it be accessible to my laptop. Here are all the things that I tried:
    Apple Method 1) Share /Groups in the Server.app on the desktop (running Lion Server), use finder on the laptop and drag the share icon to "Login Items", alternative use a startup Apple script using "mount volume"  Both of the options work and will mount the /Groups folder under /Volumes/Groups, of course when the second person logs in via fast-user-switching (and occasionally the first person for no apparent reason), they will get /Volumes/Groups-1 since /Volumes/Groups is already taken.  Tomorrow we log in a different order and now the previously /Volumes/Groups-1 user has their mount at /Volumes/Group and vice versa.  Any links, aliases, finder sidebar references, and application settings which pointed to yesterday's location are now BROKEN.  Not very user friendly to my mother-in-law who is trying to find those pictures of the kids and doesn't know anything about mount points. I also can't reasonably mirror the file location structure on the desktop so that application preferences that are synced between the two (portable home directories) work.   fail.
    Apple Method 2) Use automounter and set up by hand direct maps for /Groups or an indirect maps for the children of /Groups.  Now it will automatically get mounted to /network/servers/SERVER/Groups/ on the laptop and on the desktop it will automatically create a similar symlink structure so that the same path (/network/servers/SERVER/Groups) work both on desktop and laptop.  Cool.  Except when the second person logs in, the /network/servers/SERVER/Groups/ mountpoint is already owned by the first user and they don't have any permissions to access it.  Fail.
    Apple Method 3) Use mount_afs and specify directly the mount-points.  Have each user have their own startup AppleScript which mounts /Groups to a different location (e.g. /Users/Shared/username/Groups) that way they don't conflict with multiple users.  On the desktop, set up symlinks from /Users/Shared/username/Group to /Groups so that it will be the same as the client and applications settings will work when synchronized back/forth by portable-home-directories.  Will it work, yes it does, but what a bear to maintain.  Is this really what I should expect to do just to have multiple users on my desktop and laptop (which again is essentially required now if I want to do any type of iTunes sharing).  This can't be what apple expects.
    What I ended up doing - the "not quite apple" solution.
    Non-Apple Method 4) After a read of "Autofs: Automatically Mounting Network File Shares in Mac OS X" (http://images.apple.com/business/docs/Autofs.pdf) at the very end there is a single paragraph  of "Kerberized NFS": "A Kerberized NFS mount can have multiple connections from multiple users, each using the correct user’s credentials for each transaction. This allows administrators to support multiple users, each authenticated with their own credentials to the same mount point. This is very different from AFP and SMB mounts," (emphasis mine)
    It appears that by using good 'ole NFS (albeit with Kerberos for security!) you can actually have multiple users on the same mount point. Roughly following the guidance at https://support.apple.com/kb/TA24986?viewlocale=en_US. What I needed to do was:
    1) create /etc/exports on my desktop and add a single line "/Groups -sec=krb5".  The existence of /etc/exports triggered a start of nfsd which no longer has any GUI options in Lion.
    2) Add a line to /etc/auto_master on my laptop "/-  auto_mymounts" to reference a new direct map.
    3) Create /etc/auto_mymounts and add a single line "/Groups         SERVER:/Groups" to create the direct map.
    THAT'S IT.  Three lines in three files.
    Now when I log into my laptop, there is a /Groups that is a network mount of my desktop's /Groups, same location AND it works for all of my users, even simultaneously. 
    In the end I'm happy with what I've got, but man was this a difficult path just to support fast-user-switching. In Lion, Apple appears to be getting away from NFS (no longer turned on by default and removed from the GUI controls) but clearly this really useful functionality which doesn't exist in AFP.
    I'm really curious, after all this work.  Any other ways to accomplish this?

    In my example above, yes I chose to mount the share "Groups" to the top of the root since that is where I put it on my server and I wanted to keep them similar; but that was just my preference, it isn't a requirement.  You can export and mount from other directories.

  • Problems with SRW224G4 switch and Bridged Network Cards

    Hello,
    We have recently installed a SRW224G4 switch and have discovered that when we plug our DELL PowerEdge 2900 server into the switch, the switch loses all network connectivity and all of the LEDs on the switch start flashing.
    The server works perfectly well plugged into another switch, but as soon as we introduce the SRW224G4 into the network, either with the server plugged into that switch or any other, the problem re-occurs.
    The only way we found we could eliminate this issue was if we disabled the Bridged Network connection on the two network cards on the server. If we do that, everything is fine, except the network performance of the server has dropped significantly.
    The server is plugged into the 1GB ports on the switch, although we tried it on the 100MB ports and received the same problems. The switch reports that the ports are running at full-duplex.
    Has anyone noticed this behavior before, and more importantly been able to rectify it?
    Thanks in advance for your assistance,
    Paul

    I had this problem as well with any Linksys 2024 or rackmountable switch. The trick is, you need to use the network card's management software to "team" or bridge the 2 NICs, otherwise the switch detects a loop and the whole thing locks up. So lame... Windows built-in bridge mode stinks, don't use it. When you use the Intel management software or Dell's or HP's NIC management software you have the option to actually choose "redundant mode" where you can pick a NIC to be the primary, or you can choose Load Balancing where you can essentially double your throughput by joining the 2 NICs.
    In Windows 2008 Server, you actually do this by going to the Properties on the NIC in Device Manager. The software controls are now built right into the driver. Pretty neat. In 2003 you can check Device Manager the same way but I'm not sure if it's the same as 2008; you might need to run the actual NIC management app.
    Hope this helps
    fdigi 

  • Cisco VMS can support management of router and switches

    I want to use Cisco VMS to manage my IPS and firewalls.
    I also have two routers and five switches in place. Can I use the same software to monitor and manage them, or do I need separate software?

    VMS 2.3 components and the capabilities of each. VMS is packaged in one sub-box with Obtaining Documentation directing you to VMS documentation and the following two CDs:
    1. VMS Management and Monitoring Centers Disk 1 of 2. Contains these VMS components and associated product documentation:
    - CiscoWorks Common Services
    - Auto Update Server
    - Management Center for Firewalls
    - Management Center for IPS Sensors
    - Monitoring Center for Performance
    - Monitoring Center for Security
    - Management Center for VPN Routers
    2. VMS Management and Monitoring Centers Disk 2 of 2. Contains these VMS components and associated product documentation:
    http://www.cisco.com/en/US/products/sw/cscowork/ps2330/products_installation_guide_chapter09186a00803bd364.html#wp1036990
    - Management Center for Cisco Security Agents
    - Resource Manager Essentials
    - Resource Manager Essentials IDU 12
    - Management Center for IDS Sensors 2.0.12
    - Monitoring Center for Security 2.0.13
    Note: You must install IDU 12 included on Disk 2 for RME to work with VMS 2.3 even if you already have RME 3.5 installed on your server.

  • I have two wireless networks that I switch back and forth. Every time I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart. What is the fix?

    I have two wireless networks that I switch back and forth. Every time I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart. What is the fix?

    Create two locations in Network, one for one and one for the other.
    WiFi, Internet problems, possible solutions
    WiFi security issues, at home and WiFi hotspots

  • Network Manager and 802.1x

    I don't have a problem with this, I just would like to know where network manager stores the config files that contain the SSIDs.
    My problem is that I'm trying to connect my motorola droid that is running a custom froyo rom to my University's secured Wifi since it's a pain in the butt to keep logging in every time on my droid. What's really bugging me is that my friend has a nexus one running the same rom and he can connect to it but I can't!
    I figured I'd rip the settings from wpa_supplicant.conf and copy it to my droid but I'm not using wpa_supplicant on arch :-/

  • How do you reset or find your security question answers? I don't have the option to send a rescue email in manage your account, and I can't find a fix! I have tried so many things!! Help, this is annoying because I can't get anything from the appstore

    I forgot the answers to my apple id security questions. I can't buy anything from the app store. I have tried manage your account and tried to send a rescue email but I don't have the option. This is so annoying and I have tried many things, help!

    Have you tried contacting the owner of the iPhone?
